Microsoft Lync Gathers Data Just Like NSA Vacuums Up Info in its Domestic Surveillance Program
Microsoft's Lync communications platform gathers enough readily analyzable data to let corporations spy on their employees like the NSA can on U.S. citizens, and it's based on the same type of information - call details.
Thu, February 20, 2014
Network World — Las Vegas -- Microsoft's Lync communications platform gathers enough readily analyzable data to let corporations spy on their employees like the NSA can on U.S. citizens, and it's based on the same type of information - call details.
At Microsoft's Lync 2014 conference, software developer Event Zero detailed just how easy it would be, for instance, to figure out who is dating whom within the company and pinpoint people looking for another job.
Whether that's ethical or even legal is another question, says Event Zero CEO David Tucker, but it is possible.
Microsoft says these call detail records have been stored by traditional PBXs for legitimate reasons such as accounting for cross-charging, to help with trouble-shooting or even to track contact-center agent productivity, and that's why Lync does so as well. A "From a reporting perspective, Lync does this no differently than any other enterprise communications system," says Barry Castle, senior product marketing manager Lync and Skype, in a written response to questions about the significance of this data possibly being misused.
Either way, it's pretty easy to do using Windows PowerShell, SQL Database information gathered by Lync for monitoring purposes and custom PowerShell queries to sort the information in ways that are useful. Tucker's colleague Shane Hoey demonstrated that the sorted data can readily be exported and be presented in HTML or whatever graphic representations that Excel supports.
The powerful monitoring uses of the same technology are useful and innocent enough, he says. Slicing the identical data can help businesses troubleshoot quality issues on VoIP calls, show trends in bandwidth use to head off network congestion and seek out spots where call quality is deteriorating so remedies can be found.
But using PowerShell queries can also be easily written that parse the same information to figure out personal details about employees. "You can become your own mini-NSA," Tucker says jokingly. "Just make sure it doesn't end up on Wikileaks."
A lot of the information available in call records gathered by Lync includes personally identifiable information about individuals and therefore opens up a can of worms, he says. There may be legal restrictions on use of that data depending on what the laws are in the country or state where the data resides, he says. And individual corporations and departments may have their own rules restricting their use, so IT pros tempted to mine the data should beware, he says.